General

  • Target: file.exe
  • Size: 1.5MB
  • Sample: 221228-qbh7ksad97
  • MD5: 75ae21ffb444c99cb63f0d9abaa648b2
  • SHA1: d3666f32224c5244e7d098773af3679f5ab03db4
  • SHA256: c0dc0167c70151a4f5311b40d638628e311d3a0f17320515897c7d96ad755968
  • SHA512: 8ee59828d0dbdd63747c49a74d99efd024ffc4cab1fd531eac5a9e57cc539799adcee7586617ff2b5e47dcc7224518dfbd8bcfb7dbf7effb48a0d05d0a7b85ec
  • SSDEEP: 24576:yAiKf8LZFNvGPSj4jzmQuiOi07JuutJRh4Emqmmq/mh9mITmkQS:yIOvTQSguXtFQS

Malware Config

Extracted

  • Family: vidar
  • Version: 1.7
  • Botnet: 724
  • C2:
    https://t.me/robloxblackl
    https://steamcommunity.com/profiles/76561199458928097

Attributes

  • profile_id: 724

Targets

    • Target: file.exe
    • Vidar

      Vidar is an infostealer based on Arkei stealer.

    • Loads dropped DLL

    • Accesses 2FA software files, possible credential harvesting

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks